In the Internet of Things, Many Things to Worry About

by Marty Cook  on Monday, Feb. 4, 2019 12:00 am   5 min read

The connectivity of the world continues to grow and, with it, concerns about privacy and data security.

Today, someone in Little Rock can click on his phone and order something from another state and have it home-delivered in days. Another shopper can open her phone and get updates about what’s inside her refrigerator at home.

The convenience of computer networks and smartphones and data-sharing devices — the “internet of things” — can seem a godsend to those who appreciate the speed and ease of staying connected. For others, the all-inclusiveness of the IoT — eye-oh-tee, as most tech people say — means a constant battle for security.

“If you look at any technological advancement, anytime you add something new you basically create new vulnerability,” said Kent Watson, vice president of technology at Metova in Fayetteville. “What are the new vulnerabilities? To some extent, we don’t know.”

Watson said this after using his credit card to buy breakfast at a coffee shop in Evelyn Hills Shopping Center. The card and scanning device are encrypted to protect the customer and the business from having financial information hacked; that’s the optimistic assumption given that there are regular news reports of supposedly secure networks being breached.

“The cash register has several different vulnerabilities that we will learn over time,” Watson said.

For IoT and data security, Watson’s resume is about as good as it gets. He helped create websites for Walmart Inc. of Bentonville and Sam’s Club while at Rockfish Interactive in Rogers.

The IoT has driven the connectivity — and vulnerability — of a computerized world. With ever more devices, household appliances, cars and watches sharing data, hackers can scout along the line to find the easiest entry points.

Jarrod Ramsey, a technology specialist with Microsoft in Bentonville, said he loves accessing his phone with a fingerprint scan, even though he is fully aware he has put that data out in the cyberworld. Convenience of use often overwhelms the inconvenience of protection.

The internet of things will become increasingly pervasive, he predicts. “The breadth of adoption that will climb from IoT will increase more of those vulnerabilities,” Ramsey said.

“There are some future issues we have to vet out — society and individuals. We have to make sure we are not creating problems for ourselves.”

Ramsey said he has two Wi-Fi systems at home, one for his family’s devices and one for visitors. Passwords are separate.

While at the coffee shop, Watson looked at his phone and showed how it had registered him at his current location. It wasn’t the GPS application that was reporting, but the phone searching for the coffee shop’s Wi-Fi network.

Even if a smartphone doesn’t connect, phone and Wi-Fi or other systems will “hand shake” automatically. “I haven’t connected to Wi-Fi but the communication still happens,” Watson said.

Major companies including Walmart, Amazon and Apple have highly secured networks and databases supported by armies of technicians always scanning for breaches. The trouble is that consumers who use the internet of things often lack the same sophistication and security, and even secure networks get hacked.

The IoT can actually magnify the vulnerability. Hackers don’t care about how much milk is in your refrigerator, but they can mine the data to see how often you open it; on days you don’t open it at all, the signal might be that you’re away and your home is ripe for a burglary.

If someone hacks into your child’s computer game, it’s not to research your prodigy’s high score. If you use a credit card to order more Fluffy Bits or Gold Coins for your child, then the hacker now has that information.

“That’s one of the most common attacks out there, and it’s going on around the clock,” Watson said.

When a database is hacked and emails and passwords compromised, the IoT opens up a world of vulnerability for the hacker. This is because, due to the need for convenience, consumers often use the same password for multiple accounts and devices.

Access to your child’s vulnerable game may leave your bank account, your phone and your cloud data ripe for the picking.

“It’s not just kiddie hackers; it’s state agencies now,” Watson said. “You have states like Russia that have entire federally funded teams that do nothing but attacking. You have companies in China that steal [intellectual property] just to knock off American manufacturing. They’ve stolen schematics on commercial devices so they can reprduce things made here.”

Get The List
Largest IT Consulting Companies - ranked by number of certified technicians. Includes number of Arkansas employees, market area, services, top local executives, year founded and contact information.

Watson said there is no such thing as 100 percent safe on the internet. For every patch the good guys make, the bad guys are scheming to find another vulnerability.

But it’s not hopeless for consumers to protect their information in a time of mass sharing. Watson said strong passwords — encrypted if saved on a device — and knowing what you’re connecting to are important safety standards.

Another is buying devices from reputable companies. A bargain router or phone might not be a bargain if it has out-of-date security; most major companies regularly send updates and patches for their products as vulnerabilities are recognized.

“If you can’t guarantee the source of something, that’s the first place I would question everything,” Ramsey said. “With the convenience of technology, we tend to forget everything that is tied to it.”

The main responsibility lies with the companies that collect and store data. Ramsey said it is imperative that companies do security-assessment tests on each product to make sure it is safe for use.

That won’t prevent all attacks, because hacking organizations are good at what they do. But consumers can limit their vulnerability to an IoT string attack by having different passwords and firewalls on their devices and accounts.

Jia Di, a computer engineering professor at the University of Arkansas at Fayetteville, said defending devices on the IoT is important because they are often the least protected on the chain.

“It is indeed a big concern, because IoT devices, there are so many of them,” Di said. “They don’t really have a gigabyte of RAM or a terabyte of hard drive to implement very complicated security mechanisms. Because of that, it is relatively easy to compromise those devices. All it takes is the weakest link.”

People don’t have to go huddle in a cave with sticks and stones, though. There are steps to take to make you safer.

“The simplest answer I can give you is to consult some kind of expert,” Di said, laughing. “Think of it this way — let’s just talk about regular cybersecurity: How many people still use the default password on their Wi-Fi router? A lot. Those passwords, others know them as well.

“Changing passwords from default: That’s something you can teach anyone in a minute.”

 

 

Please read our comments policy before commenting.